Bug 2342879 (CVE-2024-11187) - CVE-2024-11187 bind: bind9: Many records in the additional section cause CPU exhaustion
Status: NEW
Alias: CVE-2024-11187
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
Depends On: 2342889 2342890 2342891 2342892
Reported: 2025-01-29 21:07 UTC by OSIDB Bzimport
Modified: 2025-04-16 06:12 UTC (History)

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:1694 0 None None None 2025-02-19 18:53:27 UTC
Red Hat Product Errata RHBA-2025:1748 0 None None None 2025-02-24 00:42:07 UTC
Red Hat Product Errata RHBA-2025:1863 0 None None None 2025-02-25 19:50:24 UTC
Red Hat Product Errata RHBA-2025:1867 0 None None None 2025-02-26 10:46:42 UTC
Red Hat Product Errata RHBA-2025:2132 0 None None None 2025-03-03 18:29:14 UTC
Red Hat Product Errata RHBA-2025:2460 0 None None None 2025-03-06 14:42:48 UTC
Red Hat Product Errata RHBA-2025:2624 0 None None None 2025-03-11 06:14:16 UTC
Red Hat Product Errata RHSA-2025:1664 0 None None None 2025-02-19 04:42:40 UTC
Red Hat Product Errata RHSA-2025:1665 0 None None None 2025-02-19 04:48:59 UTC
Red Hat Product Errata RHSA-2025:1666 0 None None None 2025-02-19 06:48:20 UTC
Red Hat Product Errata RHSA-2025:1669 0 None None None 2025-02-19 07:03:22 UTC
Red Hat Product Errata RHSA-2025:1670 0 None None None 2025-02-19 08:37:11 UTC
Red Hat Product Errata RHSA-2025:1674 0 None None None 2025-02-19 13:28:51 UTC
Red Hat Product Errata RHSA-2025:1675 0 None None None 2025-02-19 13:41:10 UTC
Red Hat Product Errata RHSA-2025:1676 0 None None None 2025-02-19 13:25:02 UTC
Red Hat Product Errata RHSA-2025:1678 0 None None None 2025-02-19 14:21:36 UTC
Red Hat Product Errata RHSA-2025:1679 0 None None None 2025-02-19 14:20:45 UTC
Red Hat Product Errata RHSA-2025:1681 0 None None None 2025-02-19 14:44:05 UTC
Red Hat Product Errata RHSA-2025:1684 0 None None None 2025-02-19 15:54:39 UTC
Red Hat Product Errata RHSA-2025:1685 0 None None None 2025-02-19 17:28:07 UTC
Red Hat Product Errata RHSA-2025:1687 0 None None None 2025-02-19 17:56:11 UTC
Red Hat Product Errata RHSA-2025:1691 0 None None None 2025-02-19 18:32:15 UTC
Red Hat Product Errata RHSA-2025:1718 0 None None None 2025-02-20 09:36:37 UTC
Red Hat Product Errata RHSA-2025:1907 0 None None None 2025-03-05 04:00:05 UTC
Red Hat Product Errata RHSA-2025:1912 0 None None None 2025-03-05 03:51:53 UTC
Red Hat Product Errata RHSA-2025:2441 0 None None None 2025-03-13 16:30:09 UTC
Red Hat Product Errata RHSA-2025:2454 0 None None None 2025-03-13 05:47:04 UTC
Red Hat Product Errata RHSA-2025:2710 0 None None None 2025-03-19 20:55:13 UTC
Red Hat Product Errata RHSA-2025:3775 0 None None None 2025-04-16 06:12:42 UTC

Description OSIDB Bzimport 2025-01-29 21:07:00 UTC
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.

Comment 3 errata-xmlrpc 2025-02-19 04:42:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1664 https://access.redhat.com/errata/RHSA-2025:1664

Comment 4 errata-xmlrpc 2025-02-19 04:48:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1665 https://access.redhat.com/errata/RHSA-2025:1665

Comment 5 errata-xmlrpc 2025-02-19 06:48:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1666 https://access.redhat.com/errata/RHSA-2025:1666

Comment 6 errata-xmlrpc 2025-02-19 07:03:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1669 https://access.redhat.com/errata/RHSA-2025:1669

Comment 7 errata-xmlrpc 2025-02-19 08:37:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1670 https://access.redhat.com/errata/RHSA-2025:1670

Comment 8 errata-xmlrpc 2025-02-19 13:25:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1676 https://access.redhat.com/errata/RHSA-2025:1676

Comment 9 errata-xmlrpc 2025-02-19 13:28:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2025:1674 https://access.redhat.com/errata/RHSA-2025:1674

Comment 10 errata-xmlrpc 2025-02-19 13:41:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1675 https://access.redhat.com/errata/RHSA-2025:1675

Comment 11 errata-xmlrpc 2025-02-19 14:20:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:1679 https://access.redhat.com/errata/RHSA-2025:1679

Comment 12 errata-xmlrpc 2025-02-19 14:21:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1678 https://access.redhat.com/errata/RHSA-2025:1678

Comment 13 errata-xmlrpc 2025-02-19 14:44:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1681 https://access.redhat.com/errata/RHSA-2025:1681

Comment 14 errata-xmlrpc 2025-02-19 15:54:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:1684 https://access.redhat.com/errata/RHSA-2025:1684

Comment 15 errata-xmlrpc 2025-02-19 17:28:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION

Via RHSA-2025:1685 https://access.redhat.com/errata/RHSA-2025:1685

Comment 16 errata-xmlrpc 2025-02-19 17:56:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:1687 https://access.redhat.com/errata/RHSA-2025:1687

Comment 17 errata-xmlrpc 2025-02-19 18:32:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2025:1691 https://access.redhat.com/errata/RHSA-2025:1691

Comment 18 errata-xmlrpc 2025-02-20 09:36:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:1718 https://access.redhat.com/errata/RHSA-2025:1718

Comment 19 errata-xmlrpc 2025-03-05 03:51:51 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:1912 https://access.redhat.com/errata/RHSA-2025:1912

Comment 20 errata-xmlrpc 2025-03-05 04:00:04 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:1907 https://access.redhat.com/errata/RHSA-2025:1907

Comment 21 errata-xmlrpc 2025-03-13 05:47:02 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:2454 https://access.redhat.com/errata/RHSA-2025:2454

Comment 22 errata-xmlrpc 2025-03-13 16:30:07 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2025:2441 https://access.redhat.com/errata/RHSA-2025:2441

Comment 23 errata-xmlrpc 2025-03-19 20:55:11 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:2710 https://access.redhat.com/errata/RHSA-2025:2710

Comment 26 errata-xmlrpc 2025-04-16 06:12:40 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:3775 https://access.redhat.com/errata/RHSA-2025:3775

